Free Comment Box - Myles Web Design

The code below is in this file, comment_box2.php.
The first 5 lines are the form which dispays the two boxes asking for the user name and message.
The remainder is the php code which displays the information in the database.

When the user clicks the submit button, the file action_comment_box2.php gets called.
This code can be seen further down the page.

<form action="php/action_comment_box2.php" method="post"> 
Name &nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="MWD_form_name" /><br /> 
Message <input type="text" name="MWD_form_comment" /><br /> 
<input type="submit" /> 
</form>

<?php 
$MWD_sqlserver = "name_of_sqlserver_localhost"; 
$MWD_sqluserid = "your_server_userid"; 
$MWD_sqlpassword = "your_server_pasword"; 
$MWD_sqldatabase = "your_database_name"; 
 

if(!($MWD_Con = mysqli_connect($MWD_sqlserver, $MWD_sqluserid, $MWD_sqlpassword) <br />or die(mysqli_error($MWD_Con)))) 

{ printf("Errormessage: %s\n", mysqli_error($MWD_Con)); 
} 
if(!(mysqli_select_db($MWD_Con,$MWD_sqldatabase) or die(mysqli_error($MWD_Con)))) 
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con)); 
} 
 
if(!($result = mysqli_query($MWD_Con,"SELECT * FROM MWD_Tb_CommentsBox_SQLinjectionProtection"))) 
    { printf("Errormessage 140: %s\n", mysqli_error($MWD_Con));} 
while($row = mysqli_fetch_array($result)) 
  { 
  echo "<br />";  
  echo "<div class='message'>"; 
  echo "<div class='label_author'>"; 
  echo "Author:"; 
  echo"</div>"; 
  echo "<div class='author'>"; 
  echo $row['MWD_col_name']; 
  echo "</div>"; 
  echo "<br /> " ; 
  echo "<div class='comment'>"; 
  echo $row['MWD_col_comment']; 
  echo "</div>"; 
  echo "</div>";//end of message class div tag 
  echo "<br />"; 
  } 
mysqli_free_result($result); 
mysqli_close($MWD_Con);  
?>

Below is the code in the file php/action_comment_box2.php.
Basiclly what this code does is, add the new user data from the form to the database, and then reload the page comment_box2.php

<?php 
$MWD_sqlserver = "name_of_sqlserver_localhost"; 
$MWD_sqluserid = "your_server_userid"; 
$MWD_sqlpassword = "your_server_pasword"; 
$MWD_sqldatabase = "your_database_name"; 

if(!($MWD_Con = mysqli_connect($MWD_sqlserver, $MWD_sqluserid, $MWD_sqlpassword) 
or die(mysqli_error($MWD_Con))))
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con)); 
} 
if(!(mysqli_select_db($MWD_Con,$MWD_sqldatabase) or die(mysqli_error($MWD_Con))))
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con)); 
} 
// Create a MySQL table in the selected database 
if(!(mysqli_query($MWD_Con,"CREATE TABLE IF NOT EXISTS
 MWD_Tb_CommentsBox_SQLinjectionProtection( 
id INT NOT NULL AUTO_INCREMENT,  
PRIMARY KEY(id), 
 MWD_col_name VARCHAR(30),  
 MWD_col_comment VARCHAR(200))")or die(mysql_error()))) 
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con)); 
} 

$MWD_name = $_POST['MWD_form_name']; 
$MWD_comment = $_POST['MWD_form_comment']; 
if($MWD_name && $MWD_name) 
{ 
    $MWD_name = mysqli_real_escape_string($MWD_Con,$MWD_name); 
    $MWD_comment = mysqli_real_escape_string($MWD_Con,$MWD_comment); 
    if(!(mysqli_query($MWD_Con,"INSERT INTO MWD_Tb_CommentsBox_SQLinjectionProtection 
(MWD_col_name, MWD_col_comment)
 VALUES('$MWD_name','$MWD_comment') "))) 
    { printf("Errormessage 137 : %s\n", mysqli_error($MWD_Con));} 
} 
else//Both fields are empty so do nothing, you could maybe give an error message
{} 
mysqli_close($MWD_Con);  

header('Location:http://www.myleswebdesign.co.uk/comment_box2.php'); 
?>

Author:

Bruce Myles, Dundee Web Designer

Glad you like it Tom. If you use it please put a link on your site to this page. Any questions or requests just ask.

Author:

tom

looks good, thanks!

Author:

Bruce Myles

PHP code that adds the name and comments to the MySQL database has been moved to an different file, so now if the user hits the refresh button, the data doesn't get resent

Author:

Bruce Myles

This comment box has SQL injection protection and has some styles added to displayed messages.